#40: 17K fake news sites for phishing, Congress forms a fraud task force, Florida’s fraud rate
Fake news farms. Flimsy fraud bills. And Florida.
This week, we’re breaking down three very different, but equally telling, stories: a new report on fake news sites being used for phishing, a congressional bill that looks like a placeholder more than a plan, and yet another reminder that the fraud problem is getting worse in places that don’t have strong defenses.
Let’s get into it.
NATE'S TAKE - JULY 15, 2025
Top Three This Week
- 17,000 fake news websites built to phish
- Congress forms a fraud task force (but don’t expect much… yet)
- Florida’s fraud rate is 56% higher than the national average
1. 17,000 fake news websites built to phish
Researchers at Infoblox uncovered a massive operation they’re calling BaitTrap – a network of over 17,000 fake news and media websites used to lure victims into scams and credential theft.
What makes these sites so convincing isn’t just their design (many spoof real news outlets), but their infrastructure. They’re spun up across multiple providers, mimic legitimate media metadata, and even trick social platforms into boosting engagement.
Here’s the playbook:
- Victims click on what looks like a news article or social post
- They’re redirected through several layers of cloaked domains
- Eventually, they land on scam sites pushing fake software downloads, investment schemes, or phishing pages
These sites also frequently exploit push notifications, a tactic covered in FIF36’s deep dive into VexTrio and fake CAPTCHAs. Once a user accepts notifications, the scam site can bombard them with fake alerts even when they’re not browsing.
BaitTrap shows how phishing infrastructure is evolving. These aren’t one-off sites. They’re part of vast affiliate-style networks, blending adtech with fraud. Phishing is no longer a channel-specific problem; it’s hiding in SEO, social, and “news.” Watch for signals like mismatched metadata, aggressive push prompts, and cloaked redirects in your fraud detection stack.
2. Congress forms a fraud task force (but don’t expect much… yet)
Congress just introduced the TRAPS Act (the Task Force for Recognizing and Averting Payment Scams) – a bipartisan bill to create a federal task force focused on payments fraud. But what sounds like a big move is really a soft first step: an eight-page bill that establishes nine meetings over the next three years.
There’s no funding, no mandates, no new protections for consumers. It’s a symbolic effort designed to let lawmakers say “we’re doing something”without actually doing much of anything.
It does reflect rising pressure. We’ve seen a 25% year-over-year jump in consumer fraud losses ($12.5B in 2024), and regulators have been sounding alarms. But this task force is the legislative version of a holding pattern: a way to show concern without slowing down businesses or getting in the way of economic optimism.
Fraud leaders should expect the hype cycle to start soon. Vendors will cite this as proof that regulation is coming. But the signal here is not urgency. It’s that the problem has gotten too big to ignore publicly, even if no one’s ready to act.
Keep building for what’s already here.
3. Florida’s fraud rate is 56% higher than the national average
A new report shows Florida leads the U.S. in internet fraud, with rates 56% higher than the national average. Naples, Lakeland, and The Villages are among the hardest-hit metros.
Top tactics include:
- Romance scams
- Crypto investment cons
- Phishing links on social media
The Naples Police Department noted that while the dollar amounts of individual cases vary, every victim shares one thing in common: they didn’t think it could happen to them.
This reinforces a trend we’ve covered before. Fraud is becoming hyperlocal and platform-agnostic. As scammers scale through phishing kits, spoofed websites, and social reach, it’s no longer just the big cities or high-income targets getting hit. It’s everywhere.
Fraud teams should take note: The biggest risk isn’t a new method. It’s underestimating the reach of the old ones. Your prevention models should reflect not just transaction data, but identity anomalies, behavioral context, and the ways legitimate-looking traffic can still be malicious.
===
That’s all for this week! For more insights, follow us on LinkedIn or X, and if you want to learn more about what we do, visit www.specprotected.com.
Ready to get started with Spec?
Nate Kharrl, CEO and co-founder at Spec, has built leading solutions for application security and fraud challenges since the early days of the cloud era. Drawing from his cyber experience at Akamai, ThreatMetrix, and eBay, Nate helped found Spec to focus on the needs of businesses operating in a landscape of increasing AI risks. Under Nate’s leadership, Spec grew from its mid-pandemic founding to raise $30M in venture-backed funding to build solutions used by Fortune 500 companies transacting billions in online commerce. Spec’s service offerings today include protective measures for websites and APIs that specialize in defending against attacks designed to bypass bot defenses and risk assessment platforms.
Frequently Asked Questions
“With Spec, we can mitigate fraudulent activity, protect our revenue, and create a better user experience so that Indiegogo can remain a trusted crowdsourcing platform.”
Payments Manager
